On December 8, 2020, openssl had issued a risk notice for the openssl denial of service vulnerability. The vulnerability number is CVE-2020-1971. The vulnerability level is high risk. When OpenSSL processes EDIPartyName (X.509 GeneralName...
On December 8, 2020, Apache Struts2 issued a risk notice for Apache Struts2 code execution vulnerability. The vulnerability number is CVE-2020-17530. The vulnerability level is high risk. In a specific environment, remote attackers can...
On November 30, 2020, containerd had issued a risk notice for containerd’s privilege escalation vulnerability. The vulnerability number is CVE-2020-15257, the vulnerability level is medium. containerd fixes a container permission escape vulnerability. The essence...
Last week we mentioned that the researcher found that Windows 7 and Windows Server 2008 (R2) performance monitoring registry has security configuration errors. This configuration error can be used to escalate the privileges of...
A few days ago, French security researchers accidentally discovered vulnerabilities in Windows 7 and Windows Server 2008, which have been discontinued. The attacker only needs to use very easy steps to elevate the privileges...
On November 25, 2020, Drupal issued a risk notice for Drupal code execution vulnerabilities, the vulnerability number is CVE-2020-28949/CVE-2020-28948. The vulnerability level is a high risk. Remote attackers can cause arbitrary code execution by...
Google Chrome has released Chrome version 87. In this new version, Google brings many new features and major improvements in the performance of Google Chrome. This article mainly introduces the major security vulnerabilities fixed...
On November 18, 2020, Cisco officially issued risk notices for multiple serious vulnerabilities, the vulnerabilities numbered CVE-2020-27130, CVE-2020-3531, CVE-2020-3586, and CVE-2020-3470. There are a total of 4 serious vulnerabilities in this notice. Attackers can...
On November 18, 2020, Drupal issued a risk notice for Drupal code execution vulnerability, the vulnerability number is CVE-2020-13671. The security risk is Critical. An unauthorized remote attacker can cause arbitrary code execution by...
Recently, Node.js officially released a security update to fix a denial of service vulnerability (CVE-2020-8277). Attackers can trigger a denial of service attack through DNS requests. Vulnerability Detail The vulnerable version of the Node.js...
On November 10, 2020, Citrix released Citrix SDWAN Center Security Update to warn about the vulnerability. These vulnerabilities numbers are CVE-2020-8271, CVE-2020-8272, and CVE-2020-8273. The exploit code (PoC) of CVE-2020-8271 has been made public....
DNS is the domain name resolution system. Our Internet life at the bottom completely relies on key infrastructure such as DNS. Of course, although the DNS system is very important, loopholes will inevitably be...
On November 16, 2020, XStream issued a risk notice for XStream remote code execution vulnerability. The vulnerability number is CVE-2020-26217. The vulnerability level is critical. There is a blacklist bypass in the old version...
On November 10th, Apache OpenOffice releases version 4.1.8 to fix arbitrary code execution vulnerability. Apache OpenOffice 4 is vulnerable to remote code execution attacks. If the victim opens a carefully crafted .odt file on...
On November 10, 2020, Intel officially released a risk notice for the Intel Wireless Bluetooth products privilege escalation vulnerability. The vulnerability number is CVE-2020-12321. The vulnerability level is critical, and CVSS Base Score: 9.6....
On November 10, 2020, Microsoft had issued a risk notice for a remote code execution vulnerability in the Windows network file system. The vulnerability number is CVE-2020-17051, the vulnerability level is critical. The CVSS:3.0...
